Vulnerability Details CVE-2009-5009
Double free vulnerability in OpenConnect before 1.40 might allow remote AnyConnect SSL VPN servers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted DTLS Cipher option during a reconnect operation.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 53.4%
CVSS Severity
CVSS v2 Score 5.0
Products affected by CVE-2009-5009
-
cpe:2.3:a:infradead:openconnect:1.00
-
cpe:2.3:a:infradead:openconnect:1.10
-
cpe:2.3:a:infradead:openconnect:1.20
-
cpe:2.3:a:infradead:openconnect:1.30